I'm getting a security exception when using the RadEditor in Medium Trust
Web.config
<
system.web >
<
trust level="Medium" originUrl="" />
....
...
<httpHandlers> <remove verb="*" path="*.asmx" /> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false" /> <add path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" validate="false" /> <add path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" validate="false" /> <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" /> <add path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" validate="false" /> <add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" verb="*" validate="false" /> </httpHandlers> <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules> <remove name="ScriptModule" /> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <remove name="RadUploadModule" /> <add name="RadUploadModule" type="Telerik.Web.UI.RadUploadHttpModule" preCondition="integratedMode,runtimeVersionv2.0" /> <remove name="RadCompression" /> <add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode,runtimeVersionv2.0" /> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated" /> <remove name="ScriptHandlerFactory" /> <remove name="ScriptHandlerFactoryAppServices" /> <remove name="ScriptResource" /> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <remove name="ChartImage_axd" /> <add name="ChartImage_axd" path="ChartImage.axd" type="Telerik.Web.UI.ChartHttpHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" /> <remove name="Telerik_Web_UI_SpellCheckHandler_axd" /> <add name="Telerik_Web_UI_SpellCheckHandler_axd" path="Telerik.Web.UI.SpellCheckHandler.axd" type="Telerik.Web.UI.SpellCheckHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" /> <remove name="Telerik_Web_UI_DialogHandler_aspx" /> <add name="Telerik_Web_UI_DialogHandler_aspx" path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" /> <remove name="Telerik_RadUploadProgressHandler_ashx" /> <add name="Telerik_RadUploadProgressHandler_ashx" path="Telerik.RadUploadProgressHandler.ashx" type="Telerik.Web.UI.RadUploadProgressHandler" verb="*" preCondition="integratedMode,runtimeVersionv2.0" /> <remove name="Telerik_Web_UI_WebResource_axd" /> <add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI" verb="*" preCondition="integratedMode,runtimeVersionv2.0" /> </handlers> <defaultDocument> <files> <clear /> <add value="default.aspx" /> <add value="index.html" /> <add value="Default.htm" /> <add value="index.htm" /> <add value="Default.asp" /> <add value="iisstart.htm" /> </files> </defaultDocument> </system.webServer>Master Page <form id="form1" runat="server"> <telerik:RadScriptManager ID="RadScriptManager1" OutputCompression="AutoDetect" ScriptMode="Release" runat="server" LoadScriptsBeforeUI="True" EnableScriptCombine="True"> <Scripts> <%--Needed for JavaScript IntelliSense in VS2010--%> <%--For VS2008 replace RadScriptManager with ScriptManager--%> <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.Core.js" /> <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQuery.js" /> <asp:ScriptReference Assembly="Telerik.Web.UI" Name="Telerik.Web.UI.Common.jQueryInclude.js" /> </Scripts> </telerik:RadScriptManager> <telerik:RadStyleSheetManager ID="RadStyleSheetManager1" OutputCompression="AutoDetect" runat="server"> </telerik:RadStyleSheetManager> <%--RestoreOriginalRenderDelegate="false" needed for godaddy hosting, which runs in Medium Trust--%> <telerik:RadAjaxManager ID="RadAjaxManager1" runat="server" RestoreOriginalRenderDelegate="false"> </telerik:RadAjaxManager> <telerik:RadSkinManager ID="RadSkinManager1" runat="server"> </telerik:RadSkinManager> <telerik:RadWindowManager EnableEmbeddedSkins="true" ID="RadWindowManager1" runat="server" InitialBehaviors="None" EnableViewState="true" DestroyOnClose="true" Behaviors="Close, Resize, Maximize, Move" ShowContentDuringLoad="true"> <Windows> <telerik:RadWindow runat="server" InitialBehaviors="None" Left="" Top="" ID="Features" Behaviors="Close, Resize, Maximize, Move" Height="400" Modal="True" VisibleStatusbar="false" Width="1000px" DestroyOnClose="false" ShowContentDuringLoad="true" ReloadOnShow="True" OnClientClose="ClearWindow" Animation="None" NavigateUrl=""> </telerik:RadWindow> </Windows> </telerik:RadWindowManager> <telerik:RadFormDecorator ID="RadFormDecorator2" DecoratedControls="All" runat="server" DecorationZoneID="ZoneID1"></telerik:RadFormDecorator> <div class="DesignWidth" style="height: 100%;"> <div id="ZoneID1" style="height: 100%;"> <uc1:Header ID="Header1" runat="server" /> <uc2:Menu ID="Menu1" runat="server" /> <telerik:RadAjaxPanel ID="PagePanel" runat="server" LoadingPanelID="RadAjaxLoadingPanel1" RestoreOriginalRenderDelegate="false"> <asp:ContentPlaceHolder ID="ContentPlaceHolder1" runat="server"> </asp:ContentPlaceHolder> </telerik:RadAjaxPanel> </div> </div> <telerik:RadAjaxLoadingPanel ID="RadAjaxLoadingPanel1" runat="server" HorizontalAlign="Center" Skin="Default"> </telerik:RadAjaxLoadingPanel> </form>Content Page <%@ Page Title="" Language="vb" AutoEventWireup="false" MasterPageFile="~/TenkillerTaxidermy.Master" CodeBehind="Test.aspx.vb" Inherits="TenkillerTaxidermy.Test" %> <%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %> <asp:Content ID="Content1" ContentPlaceHolderID="ContentPlaceHolder1" runat="server"> <telerik:RadEditor ID="reap_HTMLContent" ToolbarMode="Default" ContentAreaMode="Div" AllowScripts="true" runat="Server" Width="875px" AutoResizeHeight="false"> <Modules> <telerik:EditorModule Name="RadEditorHtmlInspector" Enabled="false" Visible="false" /> <telerik:EditorModule Name="RadEditorNodeInspector" Enabled="false" Visible="false" /> <telerik:EditorModule Name="RadEditorDomInspector" Enabled="false" Visible="false" /> <telerik:EditorModule Name="RadEditorStatistics" Enabled="true" Visible="true" /> </Modules> </telerik:RadEditor> </asp:Content> Exception Security Exception Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file. Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Security.CodeAccessSecurityEngine.SpecialDemand(PermissionType whatPermission, StackCrawlMark& stackMark) +0 System.Security.CodeAccessPermission.DemandInternal(PermissionType permissionType) +30 System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck) +143 System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck) +231 System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph) +17 System.Web.UI.ObjectStateFormatter.SerializeValue(SerializerBinaryWriter writer, Object value) +3316 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.50727.4952; ASP.NET Version:2.0.50727.49552 Answers, 1 is accepted
0
Roger
Top achievements
Rank 1
Rank 1
answered on 08 Mar 2011, 03:34 PM
I've managed to track this issue down to the below in my App_Browsers page, this is only an issue when in Medium Trust. When in Medium trust, I get the Security exceptions as described in the original post. If I remove the APP_Browswers Director all the RadEditor dialogs seem to work fine in Medium Trust.
I've also added the below to the web.config, but no change, the security exceptions continues when in medium trust.
I've also added the below to the web.config, but no change, the security exceptions continues when in medium trust.
<sessionPageState historySize="20" />PageStateAdapter.browser <browsers> <browser refID="Default"> <controlAdapters> <adapter controlType="System.Web.UI.Page" adapterType="Telerik.Web.UI.RadSessionPageStateCompression" /> </controlAdapters> </browser> </browsers> 0
Hi Roger,
Thank you for reporting this problem.
I was able to reproduce it and logged it for fixing in our PITS system. We are currently working hard on RadControls for ASP.NET AJAX Q1 2011 and we will be able to investigate this problem after the release, scheduled for the end of next week. Here you can find the PITS Issue and check it status: Public URL.
Your Telerik points were updated for your bug report as well.
Best regards,
Rumen
the Telerik team
Thank you for reporting this problem.
I was able to reproduce it and logged it for fixing in our PITS system. We are currently working hard on RadControls for ASP.NET AJAX Q1 2011 and we will be able to investigate this problem after the release, scheduled for the end of next week. Here you can find the PITS Issue and check it status: Public URL.
Your Telerik points were updated for your bug report as well.
Best regards,
Rumen
the Telerik team
Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!